January 28, 2012

In the mere four days since Google announced significant changes to their privacy policies and terms of service (with a follow-up posting a couple of days later), the Net has been abuzz with associated criticisms and discussions.

I had hoped to at least let the dust settle on this a bit before chiming in, but when I saw an article yesterday comparing Google's changes with the creation of the humanity crushing "Skynet" from the "Terminator" movies, I figured perhaps a few words might be relevant sooner rather than later.

Google bundled a lot into a single announcement, and has emphasized the importance of the changes with prominent notes around their sites and via email notifications to Google account holders. They obviously did this in an effort to assure maximum transparency, but I believe they may have erred a bit by assuming most users had sufficient historical perspective to put the changes into a realistic context.

The result has been quite a bit of confusion and emotional reactions, much of which seems not grounded in reality.

Still, the changes are significant. Let's explore the landscape a bit and then you can draw your own conclusions.

We begin with that historical perspective I mentioned.

What is Google to most users?

Is it a service? A set of disparate services? A collection of related services?

We all know that Google began as a search engine. You dropped in search queries and got results back. You didn't need an account to use it. And obviously, it's also still free to use -- you don't need to login or have an account to use Google Search today, either.

Over time, other services joined under the Google banner. YouTube was an acquisition, and operated for quite a while with a unique account system completely different from the evolving Google Accounts structure. You could always view YouTube videos for free without an account, and you still can for the vast majority of YouTube vids.

For services that need accounts, like Gmail and Google+, there are differing identity characteristics. Gmail doesn't require the use of person-linked profiles. You can create multiple free Gmail accounts under various names, and as long as you're conducting yourself legally, you're good to go with a variety of different Gmail "personas" if you wish.

Google+ is by its nature more linked to individual identities -- that is, more of a one to one mapping with actual people (though Google+ Pages do provide a means to effectively create alternative identities even in that more individual-centric environment).

One upshot of this evolving set of Google services is obvious -- they have traditionally felt much more like completely separate entities than a unified Google experience per se. Even when you have a Google account (or accounts) -- which would seem to be the logical units for data management and sharing -- the handling of that data even within a single account has varied between services.

The complexities of this situation are illustrated by the more than 70 different privacy policies that have existed for the range of Google products and services. That's a lot of privacy policies.

It's not surprising then that many Google users have not had a clear idea, and in many cases have misunderstood, how their data is being handled by Google, despite Google's continuing evolution of user information and control tools such as their Privacy and Ad Preferences Dashboards.

Now compare this situation with Facebook, which was founded some years later than Google.

Facebook is seen largely as a single service, with its various functionalities usually viewed not in isolation but as parts of a comparatively unified whole. Even though some of these capabilities are similar to those of Google (e.g. video upload and playback in a manner somewhat akin to YouTube), the "unified" structure of Facebook tends to avoid questions of data sharing within a Facebook account. This despite the fact that at least theoretically users have far less flexibility in creating Facebook accounts than Google accounts, and far more functions require login for access on Facebook as opposed to with Google.

It's been obvious for some time that Google wants to move toward a more unified services structure itself. Social applications pretty much require this to provide a useful environment for participants, and there are many other benefits both to users and the services providers.

In an appropriately implemented unified system, users are able to easily both understand and control what information they share with others, without having to manage an array of disparate policies and environments. Service providers benefit from being able to provide more relevant ads for free services on an account basis, rather than on a fragmented service basis. And these are the ads that -- whether you like it or not -- are critical to keeping these services free for the vast majority of users like you and me.

So with all this in mind, what is it that Google is actually changing in their privacy policies and terms, and just as importantly, what aren't they altering?

They're distilling down those 70+ privacy polices to just a few, and working to make them more easily understandable. This is largely noncontroversial -- simplicity rather than complexity in such documents is almost always a big win for everyone involved (at least if you're not a lawyer, and often even then!)

And (here comes the controversial part) Google will be using collected data
across Google Account related services for the provision of ads and the like,
instead of restricting that data to individual service "silos" within individual Google accounts.

Now, what isn't happening with these policy and terms updates, as I understand them:

Is Google collecting more data regarding your activities as a result of these changes? NO.

Is Google sharing your data with other users or third parties as a result of these changes? NO.

Are Enterprise (paying) customers affected by these changes? NO.

Is Google changing the way they handle your Google Account data vis-à-vis data related to third-party sites running services such as Google Analytics or DoubleClick? NO.

Is Google requiring you to login to use more services? NO.

Does the new cross-services data sharing policy have any impact on you when you're not logged-in? NO.

Is your information shared between separate Google Accounts that you may have created for different Google services? NO.

Will you be prevented from creating separate Google Accounts for different Google services? NO.

- - -

So what does the new data sharing policy really mean? Well, for example, if you're logged into the same Google Account for Search and YouTube, you might see ads in one based on searches in the other (with these ads in general impacted by your settings in the Ad Preferences dashboard, which allows a great deal of control over all this, including choosing not to receive customized ads at all).

The irony is that many persons have apparently assumed that this kind of sharing was already the case when they were logged into a single Google account for different services. It seems completely logical and useful for ad preferences and customizations to be shared across services when using the same Google account. After all, you're the same person, and your data is being handled only by Google, not being shared with third parties.

But there are people who prefer the historical compartmenting of data between services, despite what we could call the "natural sharing" characteristics of a single account in the generic sense.

As we've noted, you can still use Google Search and more without logging in. You can create multiple accounts and associate different accounts with different Google services. You can easily use Google's "Data Liberation" system to download messages and documents from Google services to move them to other Google accounts, or to outside services entirely. By combining various browser add-ons with Google's existing fast account switch commands, you can make the process of using different Google accounts with different services essentially as automated as you wish.

This sort of flexibility seems in considerable contrast to the sorts of situations we face in other aspects of lives, such as with banks and credit card companies who usually share far more information about our activities (especially to third parties) than do most major online services, and provide far fewer options for user control.

Of course ultimately the decisions about what services you wish to use -- both online and offline -- are up to you. Reasonable persons can have differing opinions and can disagree regarding the value, importance, and impacts of changes in privacy, terms of service, or various other aspects of services in cyberspace or the brick and mortar world.

But I do think it's crucial to at least start from a foundation of facts, not hyperbole, and with an appropriate sense of not only where we are, but where we've been as well.

January 27, 2012

With some fanfare, Twitter announced yesterday that they were implementing a mechanism for IP-based censorship of tweets on a country by country basis -- triggered by demands made by individual countries themselves.

It's been accurately noted that Twitter (like most other global Internet firms, including Google and Microsoft) has long globally removed certain materials as a perceived legally required response to individual countries' "orders" in these respects. Localized takedowns (such as the removal of certain Nazi-oriented search results in France) are also not uncommon.

And obviously such companies must obey these orders if they are to continue doing business in those nations -- even when the orders are utterly contrary to basic tenets of human rights and free speech.

In their analysis of this situation, EFF briefly mentions -- but seems to downplay -- the "slippery slope" aspect of country by country censorship capabilities. EFF also asserts that "transparency" requirements -- e.g., Twitter publicly noting when takedowns occur, represents a significant mitigating factor.

But Twitter's new acceptance of localized censorship perhaps provides an opportune moment to take another look at this entire situation, with an eye toward determining whether such approaches do more harm than good, both globally and locally.

Unfortunately, there is virtually no evidence to contradict, and vast evidence to support, the notion that the more "localized" and "frictionless" a censorship system, the more governments will expand their use of such systems over time.

In the Internet context, the problems triggered by providing localized censorship capabilities are easily visible on both sides of the fence.

For the country doing the censoring, localized censorship capabilities are a dream come true. They can push through all manner of takedown demands, knowing that pushback from the Internet services involved will be minimized by the fact that such services no longer have to risk the global wrath of users in other countries affected by global takedowns. So especially for those countries who already imprison their citizens for merely writing a blog post or sending a tweet that is not in keeping with the party line, the local censorship approach seems a page directly from their oppressive playbooks. And they can feel pretty confident that those firms won't feel the need to cease providing all services to such countries, since they can censor in those nations without affecting the remainder of their global user bases.

Local censorship can indeed sometimes be easier on the Web service firms. They are no longer faced with the binary choice of accepting global censorship demands, vs. pushing back on such demands (as they would likely be more inclined to do when global takedowns are the norm), and perhaps having to threaten to no longer do business in or provide services to those countries.

Essentially, localized censorship systems provided by global Internet firms can enable a mechanism for evading key foundational ethical questions. If faced with a total cutoff of such important services, rather than an easy way to consummate their censorship demands, would many nations actually choose the former, total cutoff course? How would their populations react? What would be the political and other ramifications?

But these become purely academic questions when country by country blocking and takedowns are available, because the systems then provide a comparatively frictionless path for both governments and Web service providers. The losers, by contrast, are the ordinary people in those censored countries.

It is certainly true that some knowledgeable users in such countries will likely find ways around blocks and associated nationally-based takedowns, through proxies or other means. But most persons in those nations probably will not know how to do so, and would be fearful of the risks associated with being discovered using such circumvention technologies.

Nor is there significant evidence suggesting that transparency "listing" requirements reduce censorship at all. Most purveyors of censorship have little concern regarding who knows that they are engaging in censorship, so long as the censorship is taking place.

I would never assert that this is a simple situation, or that these are easy decisions for the firms involved. There are many complex and frequently conflicting aspects, forces, and considerations in play, both in purely business and other spheres.

Still, my gut feeling is that moves toward localized censorship enabling systems ultimately fall into an ethically suspect arena. While they likely reduce the need for global takedowns, they also seem destined to perpetuate and over time increase the use of censorship against national populations by their governments, sometimes in intensely oppressive manners.

There is a disquieting sense of trying to make peace by pushing censorship behind borders where everyone else doesn't have to deal with it, while the targets of censorship are left to wither under an ever escalating barrage of national censorship demands.

It's difficult to see how the scourge of censorship can be realistically fought in such an environment, where for all practical purposes the result of these arrangements is censorship being effectively given a stamp of approval, so long as any given item isn't censored on a global scope.

This may indeed be a workable mechanism for avoiding the need to fight intense anti-censorship wars, or threatening countries with major service cutoffs.

On the other hand, if we actually care about persons under the boots of censorship loving regimes, perhaps we should be giving a bit more consideration to the notion that some concepts -- freedom of speech among them -- truly are worth fighting for.

January 21, 2012

By now you no doubt are aware of the massive (and probably unprecedented in terms of Internet scope) international seizure by the U.S. of the Megaupload file sharing service and many of its principal characters. Word is that famed attorney Robert Bennett will be representing the Megaupload defendants.

The scale of the operation -- with agents swooping in like ninjas -- and the way the various governments involved are touting the results, seem more in line with the plot for the James Bond film Goldfinger than a copyright enforcement action. But as far as I know, there weren't nuclear bombs ticking away in the Megaupload data centers, set to explode and make everyone's data radioactive.

But for innocent users of Megaupload, including vast numbers of paying users who have been using the site for completely legitimate file transfer purposes, their data might as well be radioactive now, or simply "blown to bits" in a mushroom cloud.

Because despite the fact that Megaupload seems to now be in "Whac-A-Mole" mode, popping up and vanishing under various IP addresses, for most users their data has effectively been sucked into the Roach Motel, past the event horizon into a black hole of government evidence and assets forfeitures.

Let's be clear -- there does appear to be plenty of evidence that the operators of Megaupload were indeed engaged in a criminal enterprise at some level, that made a lot of money based on copyright infringements.

To the extent that this is true, they and any users who knowingly participated in their scheme deserve to be punished, but with all due process rigorously observed.

But what of the innocent users of Megaupload? Where is their due process in this game of international data seizures?

There is something extremely disquieting in this picture of governments (especially when reaching into other countries) preemptively shutting down Internet services on which law-abiding persons depend.

The U.S. government in particular has become extremely enamored of seizing assets prior to trial, and in some cases not returning them intact to users in the case of their being found innocent. Auctioning off such seizures has become a tidy little profit center.

This behavior can be viewed as problematic on its face when innocents are involved, but the extension of this sort of logic to the Internet world and cloud-based data storage services could be catastrophic.

One analogy is the safe deposit boxes in a bank. There are certainly cases where the government seizes specific boxes, or states sell off the content of "abandoned" boxes (both controversial issues, I should add).

But the Megaupload case is more akin to the government seizing every safe deposit box in a bank because the bank owners (and possibly some percentage of the safe deposit box users) were simply accused -- not yet convicted -- of engaging in a crime.

What of the little old lady with her life savings in her box, or the person who needs to access important documents, all legitimate, all honest, no crimes of any sort involved.

They are -- to use the vernacular -- screwed.

Whether or not the legitimate users of Megaupload ever get their data back (possibly after it has all been rifled for goodies by various governments), it's clear that honest users who have depended on Megaupload are being seriously injured right now by this sort of government action, which seemingly equates impounding a stolen car with shutting off access to vast quantities of non-infringing users' data, without obvious recourse for those users.

While acknowledging the government's legitimate interest in taking action against specific large-scale copyright violations, the requirements of due process and in particular the protection of innocent parties must have priority.

You don't arrest everyone at a football game because a wanted criminal may be among the crowd. At least, not unless you're attempting to channel the old East German "Stasi" secret police sensibilities.

Our ability to confidently use the ever expanding array of important and useful cloud-based data services of all kinds rests on the assumption that our data will be safe from government overreaching and intrusions into the affairs of law-abiding citizens and their property -- including their data stored on remote Internet servers.

Otherwise, we may find ourselves figuratively in much the same position as 007, strapped to a table with a laser beam moving inexorably up between our legs, wondering if our next data transfer may be our last.

January 20, 2012

I spend a great deal of my time dealing with issues that reside within the intersection of technology policy with social and public policy concerns. Privacy, security, and a host of other issues fall squarely into this zone. They're complex enough by themselves, but are made all the more complicated by the toxic political atmosphere with which so many important matters are now intertwined.

One particularly crucial aspect of these issues revolves around how we can responsibly handle and use of the vast amounts of data now being generated by Web activities, sensor arrays, and so many other aspects of our lives.

Powerful new analytical systems and techniques -- the whole area now popularly referred to as "Big Data" -- offer the promise of solving a vast array of critical problems in health, climate, and many other areas.

But responsibly using such data also requires dealing appropriately with related vexing issues in the realms of privacy, anonymity, user choice, and associated concerns. As usual, our public policies have lagged dramatically behind our technological capabilities.

It is with all this in mind, and in the hope of encouraging a rational approach toward this entire spectrum of issues, that I'm very pleased to announce "DWEL" - the Data Wisdom Explorers League -- founded in association with Google, which is providing funding support for this effort.

The goal of DWEL is to serve as a global resource for discussions, educational outreach, and a range of other relevant services in this essential sphere. Our efforts will focus on helping us all move toward the best possible uses of data in responsible manners for solving problems, providing services, and improving our lives and planet.

January 18, 2012

But there's a real risk as well. When the big home page banners come down, and the site "blackouts" are lifted, the urge for the vast majority of Internet users to return to "business as usual" will be very strong.

Perhaps you've signed an online petition or tried to call your Congressman or Senator today, and you've probably already heard that DNS blocking provisions (at least for the moment, pending "further study") were announced as being pulled from SOPA and PIPA several days ago.

So you might be tempted to assume that the battle is over, the war is won, and that -- as Maxwell Smart used to say -- "Once again the forces of niceness and goodness have triumphed over the forces of evil and rottenness."

Nothing could be further from the truth.

In fact, the forces arrayed in favor of Internet censorship are not only powerful and well funded, but are in this game for the very long haul indeed. A day of demonstrations to them, as annoying as they may be to these censorship proponents in the very short run, are in the final analysis more like a single human lifetime compared against the centuries.

PIPA is coming up for an important vote shortly, and word is that SOPA will likely reemerge (with its horrific search engine censorship provisions intact) next month.

Even if there are further delays and changes, it is inconceivable that pro-censorship forces, given the depths of their economic beliefs and disdain for Internet free speech, will ever give up.

Like zombies rising repeatedly in an old horror movie, they will keep pouring money into Congress and be continually working on strategies to remake the Internet in their own images.

This may involve SOPA and PIPA. It will likely also involve new legislation down the line that hasn't even yet been introduced, some standalone, some possibly buried in other bills. Censorship arguments will expand to include law enforcement wish lists, "protect the children" arguments, and every other pro-censorship stakeholder wish list that you can imagine.

The battle against Internet censorship is literally a war without end. Pro-censorship alliances will shift and change over time, the names of involved legislation may be different, but the overall thrust will stay essentially the same, and the trend will always be toward more censorship, not less.

All of this is true even if we ignore the possibility of a horrific triggering event like a terrorist attack that enables vast new knee-jerk civil liberties crackdowns.

We must be prepared to battle censorship on the Internet as a matter of our everyday lives. That means a continual presence in Washington and other capitals around the world, not just collectively but in terms of constant long-term campaigns of individually written letters and direct phone calls to our own elected officials -- both among the most effective techniques -- short of suitcases full of cash. Educational campaigns explaining why the battles against Internet censorship are so crucial must continue on our sites, and in our other personal and professional communications as well, every single day.

We cannot be complacent. These efforts to preserve free speech on the Net can never end, or we will all lose one of the Internet's most important wonders, and our civil rights -- both off and on the Internet -- will be snuffed out like a candle in the darkness, with only a waft of digital smoke left behind as a memory of what might have been.

Today's anti-censorship demonstrations were but the first sounding of the bugle, the first loud call to arms.

The war to protect free speech and fight censorship on the Internet is guaranteed to long outlive us all.

January 16, 2012

A number of major Internet sites have announced plans to "blackout" this coming Wednesday -- that is, block users from most or all access to their normal site resources -- to protest against SOPA/PIPA for up to 24 hours.

Since it is widely known how strongly I oppose these legislative nightmares, a number of site owners have asked if I would recommend that they join in this form of protest.

I have told them that I definitely advise against this protest method.

Most widely used Internet sites in particular have spent a great deal of time and effort to create reliable destinations on which users can depend -- for applications related to communications, work, school, and all manner of queries, concerns, and discussions.

As much as I abhor SOPA and PIPA, I do not feel that voluntarily cutting the Internet community off from important resources for significant periods of time is an appropriate course of action. It penalizes vast numbers of Internet users around the globe, not specifically the proponents of SOPA and PIPA.

Rather than "blacking out" a site (and presumably only displaying information about how to fight SOPA/PIPA. with access to normal functions unavailable), a far more logical, sensible, and prudent approach, that would likely be even more effective in this battle, would be for protesting sites to display a "splash page" with information explaining how to contact your Congressional representatives and express your displeasure with these legislative efforts.

Splash pages could either time out automatically and continue through to the normal site after some number of seconds, and/or permit users to click through to the regular site resources after some specified period of time (again, some number of seconds).

It's possible to present an "in your face" protest of SOPA/PIPA, with meaningful links and information for battling these abominations, without cutting off users from the site resources themselves.

The website resources blackout approach is misguided and -- even with the most laudable of motives -- essentially irresponsible.

That's my opinion, anyway.

All the best to you and yours on this Martin Luther King, Jr. Day.

--Lauren--

Addendum (2:25pm): I might add that apart from the discussion above, history suggests that this type of protest -- likely to flood Congressional phone lines for a day or two -- is among the least effective, almost certainly to be relegated to the category of mass mailings and other directed protests. Personal letters and other unscripted communications with Congressional representatives can most definitely have a positive impact, but politicians have learned over the decades that the high volume, organized, "call your congressman" protests tend to be the least meaningful.

January 14, 2012

Regular readers know that I am not a fan of Facebook. I've long been (and continue to be) a critic of their privacy practices and related implementations. I don't actively participate in Facebook, other than with an essentially empty account providing me with access to inspect the various user interfaces and interactions.

So it's with a bit of irony that I find myself in the position of having to come out in support of Facebook, in response to a torrent of complaints about their initiative to analyze the political sentiments of Facebook users in conjunction with Politico.

The project involves an automated system to scan Facebook posts and comments for politically-related text, analyze the resulting data, and derive an overall look at Facebook users' sentiments on this topic, which given the size of Facebook's user community could potentially provide important new insights.

But I've been inundated with people upset that Facebook is "reading their private messages" and so supposedly horribly violating their privacy.

I'm sorry, I just don't see it that way.

I have a maxim that I've used as a guide for many, many years. It's very simple.

"Choose your battles carefully."

I don't claim to have the military insight of Sun Tzu, but this simple idea has served me fairly well.

And in this particular Facebook case, we shouldn't even be thinking of a battle at all, because there is no demonstrable vector for damage to any Facebook users through the anonymous, automated statistical process as described, and there is the potential for significant knowledge benefits to society from the results.

We're at a crossroads where it is now obvious that simply throwing away the vast and rapidly increasing amount of data being generated by our lives, without first considering the responsible derivation of useful knowledge from that data, is like flushing a natural resource down the toilet.

Obviously, there is much data that shouldn't be kept in its raw form forever, to help protect against the possibility of retroactive abuse by governments or others. That's why I've applauded the now fairly standard practice of scheduled data anonymization and deletion by major search engines and other services for user search query and other data, for example.

On the other hand, to argue that it should be forbidden to derive useful knowledge from data in ways that protect individual users' privacy but still allow for aggregate analysis, would be incredibly wasteful.

A classic example is health care. We all want our individual health-related activities to be kept private. But without some mechanism for the aggregate sharing and analysis of healthcare data, it would be impossible to reasonably recognize and understand trends in disease, diagnostics, and treatment. Epidemics and pandemics would be far harder to spot early on, and to potentially control. Real lives are at stake.

In our everyday world, all manner of activity data is subjected to various forms of aggregated analysis and often publication. Phone companies and ISPs watch calling and traffic. Credit card companies and banks explore transaction patterns in great detail, as do stores with "loyalty card" systems.

Internet messages are scanned by automated systems for anti-spam, anti-phishing purposes, and for ad displays. Search trends are derived from user search queries.

And so on. There is usually nothing nightmarish about these systems, so long as individual users' data is protected. And the benefits of the knowledge derived from such data can be very important. Not only do they serve to keep even incredibly sophisticated Internet services free to most users, but the health, safety, and other realms of aggregate statistical information can serve critical public needs.

So like I said, choose your battles carefully. There are enough true privacy problems to keep us busy into the dim future. Wasting time, effort, and emotion on useful anonymous data analysis like Facebook's Politico project just doesn't make sense.

January 13, 2012

Wow. I haven't seen such a flurry of consternation and complaints since Coca-Cola replaced their original formula with "New Coke" decades go.

The Net's abuzz with the sound of SPYW (Search, plus Your World - perhaps an unfortunate acronym) -- Google's new effort to significantly integrate Google+ (G+) with Google Search.

The sense of panic in geekdom over this change can only have been amplified by word that the manufacturer of Twinkies is filing for bankruptcy protection again.

Oh, the horrors! Agony. Agony.

[cue sound of needle scratching across vinyl record]

OK gang. Settle down. Even if real Twinkies vanish, there are plenty of similarly delectable knockoffs, and no matter what you've heard about SPYW, the sky isn't falling.

There are piles of places where you can read about the details of what Search, plus Your World is and how it works.

I'm not going to review or rehash those here.

But a lot of people have been asking me to comment, and I've been playing with SPYW for a couple of days to get a feel for its user experience, so here are a few preliminary thoughts regarding how SPYW works and the controversy surrounding it.

First some facts we can stipulate.

We all know that Google is dominant in search, and some observers seem to feel that this means they should be regulated as if they were a public utility.

Of course they're not a public utility, and there have never been reputable arguments asserting that their current dominance in search was achieved through subterfuge -- which immediately differentiates them from the most commonly quoted comparison of Microsoft, who indeed did use underhanded means to force Windows on the world.

And frankly, one of the aspects that makes legislation like SOPA (Stop Online Piracy Act) so nightmarish is the thought of the U.S. Congress -- perhaps the best example of dysfunctional government in the western world -- essentially dictating search results.

Anyway, the public utility argument is used to try assert that certain actions that would be OK for a non-dominant search engine (like Microsoft's Bing, which is deploying a deep integration with Facebook), are supposedly not OK for Google to do, even with its own services like Google+.

On the other hand, there are critics of SPYW who suggest that if Google had given equal preference to (for example) deep data from Twitter, as they are doing now for G+, there wouldn't be such an outcry. This despite the fact that Google no longer has access to Twitter data at that level, after contract renewal negotiations that would have continued real-time access to tweet streams failed.

So we're faced with a question. Does the fact that Google has far better access to its own G+ postings data than to Twitter postings data mean that Google should be prohibited from optionally featuring G+ postings data to G+ users in Google Search results?

It seems to me that the answer to this question should primarily revolve around user choice.

If you're not a G+ user, or you're not logged-in to Google, your natural (organic) search results are not going to include "personalized from your G+ circles" G+ listings (though public G+ postings, which have long been indexed, may continue to be present in results as usual). If you are logged-in and you are a G+ user, by default you'll see the G+ related listings. These can be enabled or disabled on a search by search basis by controls on the search page, or completely disabled (along with other personalization features such as Web history, though I'm told localization features will still be present) through search settings.

Now, as a heavy G+ user (though with a fairly limited number of people in my G+ circles, just to keep the stream readable for me given the time available) I sometimes am definitely very interested in what my G+ universe of folks has to say about various topics. Seeing these in my Google Search results can be very useful -- sometimes.

I say "sometimes" because in the current implementation, I'm finding that those personal results often aren't terribly useful, mainly because I've already seen most of them over on G+ previously. So I find myself frequently turning off SPYW on a results page to restore the non-personalized listings.

And frankly, I'm experimenting with turning SPYW off entirely (though I'm reluctant to do this long-term yet, since i know that as Google iterates the feature it will certainly improve in relevance).

For other persons, who don't keep track of their G+ stream as closely I do, having those G+ related listings in their search results may routinely be a really big win.

But it's a choice matter. I choose to use Google+, and I appreciate the option of including those listings -- or not -- in my search results. Search is after all just one part of the Google ecosystem that I'm logged into. Keeping these various services completely distinct just wouldn't make sense, either from a business or user experience standpoint.

Critics of the new "circles suggestions" aspect of SPYW, which apparently appears whether or not you're a G+ user, and even if you're not logged in or have disabled personalized results, seem to be on firmer ground with their criticisms.

These suggestions are now appearing in the prime top of page real estate for key searches on the right-hand side above the paid ads (not in the organic, natural search results, it's important to note).

I'm finding these fairly irritating right now, and there's no way I know of to suppress them.

If I search for "music" (logged in or not), I'm presented with circle invites for
Britney Spears and Snoop Dog. Every time. Over and over. I have no interest in
adding either of these persons to my circles, and I would prefer waterboarding to adding Britney. But they keep popping up, and there's not even a way to dismiss them and say "I don't want to see these people again!"

Down below those two display elements are the ads, which I've noticed frequently include Bing. In fact, when I tested this just now, the paid ad above the organic search results in fact was for Bing. So Microsoft shouldn't have anything to complain about in that respect.

But I still want Britney and Snoop suggestions to leave my search results pages, permanently.

Is that level of Google+ promotion in the right-hand results pane -- to non-logged in users in particular -- problematic from a competition standpoint?

I'm not sure. I'm not an antitrust lawyer. Dedicated Google haters will always find something to latch onto, but my gut feeling is that this seems to be pushing the envelope significantly, and in effect perhaps unnecessarily providing red meat to critics at a very sensitive time.

So while I appreciate the desire to promote G+, it's quite possible that this aspect of the services integration is at least ill-advised now, in the current implementation.

A couple of other notes.

Turning off personalization in the search settings disables all personalization except localization, so if you're a user of Web History those signals are also disabled. Being able to more selectively control this would be desirable.

We also need to face the old opt-in, opt-out dilemma. SPYW is enabled by default for logged-in G+ users. Some observers are arguing that it should have been opt-in, though since G+ users have already chosen to use G+, an argument can really be made either way, and as always the ramifications of opt-in vs. opt-out choices can be significantly more complex than they may appear at first glance.

An alternative would have been to default in the G+ users, but to make it even clearer how to turn off personalization through search settings if they wish.

So here's where we end up for the present.

As a G+ user, I appreciate the ability to have G+ related listings optionally in my search results. It's unclear how useful these really are to me, but like the saying goes, "your mileage may vary." There should be a way to turn off the G+ results without disabling Web History personalization. I understand why these are linked, but I don't think it provides the best user experience and control.

I believe the rather aggressive "circle suggestions" to non-logged in users is potentially a real problem. I'm not saying Google shouldn't be able to do this,
but I'm not convinced that it's a good choice, considering the overall environment in which Google finds itself right now. There are times when discretion is indeed the better part of valor.

Finally, I want Britney and Snoop suggestions to get off my results pages, permanently, before I'm forced to throw a boot into a display. As a G+ user, I like getting suggestions about other G+ users to follow within the context of my G+ usage -- but those can be dismissed at my option.

While I certainly do understand the desire to promote G+, those right-hand pane circle suggestions accompanying key Google Search results (again, especially for users who are not logged in) can be annoying, can't be dismissed, and are probably providing antitrust ammunition for Google's adversaries.

So overall, while I believe that most of the loud criticism of Search, plus Your World has been overblown, and that there are most definitely important benefits for users with the integration of Google services, there are relevant aspects of this rollout that could have been handled considerably better.

January 10, 2012

In Thinking the Unthinkable About SOPA a couple of days ago, I touched on the concept of splash pages, banners, and other "in your face" mechanisms to help get the word out -- beyond our usual "preaching to the choir" -- about the evils of SOPA - The Stop Online Piracy Act.

My sense is that problems with SOPA and PIPA (Protect IP Act) are now very well known in the technical community. The question is, how to get people outside of this community to see what they stand to lose through such legislation. This means trying to go beyond our usual "social community" of correspondents and followers.

As I noted in that earlier posting, it's important that we provide specific information that includes action items people can consider to reach out to their Congressional officials and others as appropriate about this issue.

Over on Twitter yesterday, a campaign began for people to overlay "STOP SOPA" banners on their avatar images. This is a great idea as far as it goes, but unfortunately does not provide any information at all about where to find more information about why anyone should want to stop SOPA. Obviously they can conduct a search, but there's really no telling where they'll end up from day to day, and some anti-SOPA approaches are decidedly less likely to have an impact than others.

In light of all this, I've done two things. First, I've created the domain KILLSOPA.ORG as a proposed destination landing place for various banner, splash page, and other anti-SOPA campaigns.

I've also now overlaid this domain name on my standard avatars for Twitter, Google+, and other sites, which appear on postings, profile pages, and so on.

Right now, killsopa.org redirects to an EFF page discussing how to take action against SOPA, but this will change as time and resources permit.

Since we're going to be putting messages out in front of people, it seems logical that these messages should include a destination for more info, not just the protest statement. Using a domain name in this situation helps to solve this problem.

If you have any interest in helping with this effort, in particular with the killsopa.org website itself, please let me know. Of course your other thoughts and any questions are welcome as always.

January 08, 2012

With key votes on SOPA -- the Stop Online Piracy Act -- likely to occur in the very near future, we now find ourselves forced into at least considering courses of action if SOPA (and companion legislation like PIPA -- the Protect IP Act) should pass and be signed into law.

The tea leaves on this are particularly difficult to interpret, but they're emitting a pretty bad odor already.

Entertainment industry supporters of SOPA immediately blasted a much more sensible proposed alternative. Odds are that this alternate timeline will be pinched off in short order.

There has been little change among SOPA supporters as a whole. We can discount disingenuous alterations of position by sleazy operations like Go Daddy simply as the debased pandering that they are.

There had been signs that at least some Congressmen pushing SOPA were starting to have at least a few second thoughts about the technical ramifications. But with SOPA's chief sponsor Rep. Lamar Smith (R-TX) now figuratively giving the finger to SOPA opponents, saying that we are a "vocal minority" -- "because they’re strident doesn’t mean they’re either legitimate or large in number" -- I would not want to bet the farm on substantive changes of the magnitude needed to prevent SOPA from being a total disaster for the Internet and its users.

The outcome of PIPA in the Senate also can't be known with certainty, but signs are increasing that there is sufficient support to move the legislation fairly shortly.

And I would not count on a presidential veto regarding Internet censorship in an election year, given that the resulting legislation may quite possibly arrive with veto-proof majorities. The pro-SOPA entertainment behemoths have spent their money on Congress with great precision.

I will admit that I find Lamar Smith's comments and attitude particularly infuriating.

Most of these SOPA-supporting politicians probably wouldn't know where to put a USB plug if their lives depended on it (though I'd be tempted to offer a suggestion about a possible worthy destination).

And now they're talking down to us from Mt. Olympus on high, proclaiming to the technical world that our concerns don't matter, don't exist, aren't real, and that we should just shut up and let them and their "sugar daddies" run the Internet their way.

Of course, they can't run the Net without us. And unless there's a secret plan to shackle system administrators to consoles with armed guards pointing loaded weapons at our heads, the good will of the technical community will remain essential to the health and continued operation of the Net and its resources.

But again, unless the politicians and MPAA/RIAA bigwigs are skilled at Linux server debugging, IPv6, and the rest of our talents that they apparently view with such little regard, throwing us all in cells will probably result in an, uh, considerable drop in the overall Internet user experience -- like the worst cable and telephone outage you've ever heard of, multiplied by several orders of magnitude at least.

There have been calls from some quarters for demonstrations to help make it clear to Congress that their ability to operate the Internet without our kind assistance is severely limited (i.e. nonexistent).

Some suggested attention grabbers have been concepts such as special anti-SOPA "splash" pages that would appear when users accessed sites, before the actually requested pages would display. There have also been calls for actual shutdowns of major sites for limited periods of time as a dramatic reminder of who actually makes the Internet work.

I'm not particularly enthusiastic about this latter option, unless the period involved was extremely brief. Actually cutting off access, even for relatively short periods of time, could potentially backfire if important information or services were not available in a critical situation that might just happen to occur during the planned outage.

The idea of anti-SOPA banners and splash pages (linking to detailed, plain language explanations of what people will lose under SOPA/PIPA regimes) seems far more attractive.

As technologists we have not been particularly effective in getting word out to the non-technical community about how incredibly dangerous such legislation is to ordinary Internet users. We do a lot of "preaching to the choir" -- but it's everyone else who really needs to be informed.

Splash pages, banners, and other "in your face" techniques do run the risk of becoming annoying if prolonged, but if we explain our case clearly I suspect that most Internet users will understand why these methods are being employed and why the risks of SOPA/PIPA had made this approach necessary.

It is extremely unfortunate that we have come to this state of affairs, where we need to be thinking about circumvention measures simply to ensure freedom of Internet communications, and are considering vast campaigns to explain what crucial aspects of the Internet have now become enormously at risk -- at the hands of a selfish SOPA cadre that desperately wishes to remake the Internet in their own image.

If Lemar Smith is correct, if those of us opposing SOPA are really just few in number and of no real significant consequence, the proponents of SOPA have nothing to worry about.

Then again, if Smith is wrong, the SOPA push could be opening up a Pandora's box the like of which the tech world has never seen before.

January 03, 2012

A number of people have been asking me about the Google Chrome "paid links" controversy that seems to have erupted. A bit of thought would have revealed what was likely going on -- without all the drama -- but let's review.

I immediately suspected that some important piece of information was missing. It simply didn't make sense for Google to be doing this purposely, not only because it would indeed seem to violate their guidelines, but also because it was so utterly obvious and was certain to be instantly noticed!

What would be the upside of such an action that would so quickly draw criticisms and scrutiny? There would be no upside, it would be utterly stupid. And Google isn't perfect, but they're also not stupid. It seemed logical to assume that some third-party confusion was involved.

Of course this hit during the holiday weekend when people were difficult to reach, but today the conspiracy theories blew apart when an outside agency noted that Google didn't authorize such activities and that outside bloggers had created those links inappropriately.

Despite the fact that those links were not Google's fault, Google has now announced that since technically the Google Chrome home page was in essence pulled into violation by those outside links, Google will (to enforce the letter of the rules the same way they would do with other sites) reduce that page's search PageRank for 60 days.

So ends another ersatz Internet drama. As Spock might have said, a bit of logic in the initial analysis -- it just didn't make sense for Google to be purposely violating its own rules as accused -- could have saved a whole bunch of typing.